Learn more about activating a Broker VM with a FTP Collector applet.
The Broker VM provides a FTP Collector applet that enables you to monitor and collect logs from files and folders via FTP, FTPS, and SFTP directly to your log repository for query and visualization purposes. A maximum file size of 500 MB is supported. After you activate the FTP Collector applet on a Broker VM in your network, you can collect files as datasets (<Vendor>_<Product>_raw
) by defining the following.
FTP, FTPS, or SFTP (default) connection details with the path to the folder containing the files that you want to monitor and upload to Cortex XSIAM .
Settings related to the list of files to monitor and upload to Cortex XSIAM , where the log format is either Raw (default), JSON, CSV, TSV, PSV, CEF, LEEF, Corelight, or Cisco. Once the files are uploaded to Cortex XSIAM , you can define whether in the source directory the files are renamed or deleted.
Danger
Before activating the FTP Collector applet, review and perform the following:
Ensure that the user permissions for the FTP, SFTP, or FTPS include the ability to rename and delete files in the folder that you want to configure collection.
When setting up an FTPS Collector with a server using a Self-signed certificate, you must upload the certificate first to the Broker VM as a Trusted CA certificate.